Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-4409
Last Modified 23 Jun 2009 01:26:17
Published 03 Oct 2008 01:41:40
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4409

Summary

libxml2 2.7.0 and 2.7.1 do not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document. This is a different vulnerability than CVE-2003-1564 and CVE-2008-3281.

Vulnerable Systems

Application

  • Xmlsoft Libxml2 2.7.0

  • Xmlsoft Libxml2 2.7.1


References

FEDORA - FEDORA-2008-8582

FEDORA - FEDORA-2008-8575

XF - libxml2-xml-file-dos(45633)

VUPEN - ADV-2009-1621

VUPEN - ADV-2009-1522

BID - 31555

MANDRIVA - MDVSA-2008:212

CONFIRM - http://support.apple.com/kb/HT3639

CONFIRM - http://support.apple.com/kb/HT3613

GENTOO - GLSA-200812-06

SECUNIA - 35379

SECUNIA - 32974

SECUNIA - 32175

SECUNIA - 32130

MLIST - [oss-security] 20081002 libxml2 "ampproblem" DoS

APPLE - APPLE-SA-2009-06-17-1

APPLE - APPLE-SA-2009-06-08-1

CONFIRM - http://bugzilla.gnome.org/show_bug.cgi?id=554660

Related Patches

Apple 2009-06-08 Safari Update 4.0.1 (Leopard)

Apple 2009-06-08 Safari Update 4 (Tiger)


Last Updated: 27 May 2016 10:48:30